dany/pdfio
1
0
Fork 0
mirror of https://github.com/michaelrsweet/pdfio.git synced 2025-04-04 16:06:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add some more range checking to the cmap code.

Browse Source
This commit is contained in:
Michael R Sweet 2025-03-06 14:16:38 -05:00
parent 2f925ccd3c
commit e9debcd169
No known key found for this signature in database
GPG Key ID: BE67C75EC81F3244
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES.md
View File

@ -14,7 +14,7 @@ v1.5.0 - YYYY-MM-DD
- Now support opening damaged PDF files (Issue #45) - Now support opening damaged PDF files (Issue #45)
- Updated documentation (Issue #95) - Updated documentation (Issue #95)
- Updated the pdf2txt example to support font encodings. - Updated the pdf2txt example to support font encodings.
- Fixed a potential heap overflow in the TrueType font code. - Fixed potential heap/integer overflow issues in the TrueType cmap code.
v1.4.1 - 2025-01-24 v1.4.1 - 2025-01-24

4
ttf.c
View File

@ -1423,7 +1423,7 @@ read_cmap(ttf_t *font) // I - Font
group->startGlyphID = read_ulong(font); group->startGlyphID = read_ulong(font);
TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, startGlyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->startGlyphID); TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, startGlyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->startGlyphID);
if (group->startCharCode > group->endCharCode) if (group->startCharCode > group->endCharCode || group->startCharCode >= TTF_FONT_MAX_CHAR || group->endCharCode >= TTF_FONT_MAX_CHAR)
{ {
errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode); errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode);
free(groups); free(groups);
@ -1514,7 +1514,7 @@ read_cmap(ttf_t *font) // I - Font
group->glyphID = read_ulong(font); group->glyphID = read_ulong(font);
TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, glyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->glyphID); TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, glyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->glyphID);
if (group->startCharCode > group->endCharCode) if (group->startCharCode > group->endCharCode || group->startCharCode >= TTF_FONT_MAX_CHAR || group->endCharCode >= TTF_FONT_MAX_CHAR)
{ {
errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode); errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode);
free(groups); free(groups);